Abstract

The λ-calculus is considered a useful mathematical tool in the study of programming languages. However, if one uses βη-conversion to prove equivalence of programs, then a gross simplification¹ is introduced. We give a calculus based on a categorical semantics for computations, which provides a correct basis for proving equivalence of programs, independent from any specific computational model.

Introduction 

This paper is about logics for reasoning about programs, in particular for proving equivalence of programs. Following a consolidated tradition in theoretical computer science we identify programs with the closed λ-terms, possibly containing extra constants, corresponding to some features of the programming language under consideration. There are three approaches to proving equivalence of programs:

• The operational approach starts from an operational semantics, e.g. a partial function mapping every program (i.e. closed term) to its resulting value (if any), which induces a congruence relation on open terms called operational equivalence (see e.g. [10]). Then the problem is to prove that two terms are operationally equivalent.

• The denotational approach gives an interpretation of the (programming) language in a mathematical structure, the intended model. Then the problem is to prove that two terms denote the same object in the intended model.

• The logical approach gives a class of possible models for the language. Then the problem is to prove that two terms denote the same object in all possible models.

¹ Programs are identified with total functions from values to values.

The operational and denotational approaches give only a theory (the operational equivalence $\approx$ and the set $Th$ of formulas valid in the intended model respectively), and they (especially the operational approach) deal with programming languages on a rather case-by-case basis. On the other hand, the logical approach gives a consequence relation $\vdash$ ($Ax \vdash A$ iff the formula $A$ is true in all models of the set of formulas $Ax$), which can deal with different programming languages (e.g. functional, imperative, non-deterministic) in a rather uniform way, by simply changing the set of axioms $Ax$, and possibly extending the language with new constants. Moreover, the relation $\vdash$ is often semidecidable, so it is possible to give a sound and complete formal system for it, while $Th$ and $\approx$ are semidecidable only in oversimplified cases.

We do not take as a starting point for proving equivalence of programs the theory of βη-conversion, which identifies the denotation of a program (procedure) of type $A \to B$ with a total function from $A$ to $B$, since this identification wipes out completely behaviours like non-termination, non-determinism or side-effects, that can be exhibited by real programs. Instead, we proceed as follows:

1. We take category theory as a general theory of functions and develop on top a categorical semantics of computations based on monads.

2. We consider how the categorical semantics should be extended to interpret λ-calculus.

At the end we get a formal system, the computational lambda-calculus ($\lambda_c$-calculus for short), for proving equivalence of programs, which is sound and complete w.r.t. the categorical semantics of computations.

The methodology outlined above is inspired by [13]², and it is followed in [11, 8] to obtain the $\lambda_p$-calculus. The view that "category theory comes, logically, before the λ-calculus" led us to consider a categorical semantics of computations first, rather than to modify directly the rules of βη-conversion to get a correct calculus.

A type theoretic approach to partial functions and computations is attempted in [1] by introducing a type constructor $\bar{A}$, whose intuitive meaning is the set of computations of type $A$. Our categorical semantics is based on a similar idea. Constable and Smith, however, do not adequately capture the general axioms for computations (as we do), since they lack a general notion of model and rely instead on operational, domain- and recursion-theoretic intuition.

1 A categorical semantics of computations

The basic idea behind the semantics of programs described below is that a program denotes a morphism from $A$ (the object of values of type $A$) to $TB$ (the object of computations of type $B$).

This view of programs corresponds to call-by-value parameter passing, but there is an alternative view of "programs as functions from computations to computations" corresponding to call-by-name (see [10]). In any case, the real issue is that the notions of value and computation should not be confused. By taking call-by-value we can stress better the importance of values. Moreover, call-by-name can be more easily represented in call-by-value than the other way around.

There are many possible choices for $TB$ corresponding to different notions of computations, for instance in the category of sets the set of partial computations (of type $B$) is the lifting $B + \{\bot\}$ and the set of non-deterministic computations is the powerset $\mathcal{P}(B)$. Rather than focus on specific notions of computations, we will identify the general properties that the object $TB$ of computations must have. The basic requirement is that programs should form a category, and the obvious choice for it is the Kleisli category for a monad.

Definition 1.1 A monad over a category $\mathcal{C}$ is a triple $(T, \eta, \mu)$, where $T: \mathcal{C} \to \mathcal{C}$ is a functor, $\eta: \mathrm{Id}_{\mathcal{C}} \to T$ and $\mu: T^2 \to T$ are natural transformations and the following equations hold:

• $\mu_{TA}; \mu_A = T(\mu_A); \mu_A$

• $\eta_{TA}; \mu_A = \mathrm{id}_{TA} = T(\eta_A); \mu_A$

A computational model is a monad $(T, \eta, \mu)$ satisfying the mono requirement: $\eta_A$ is a mono for every $A \in \mathcal{C}$.

² "I am trying to find out where λ-calculus should come from, and the fact that the notion of a cartesian closed category is a late developing one (Eilenberg & Kelly (1966)), is not relevant to the argument: I shall try to explain in my own words in the next section why we should look to it first".

There is an alternative description of a monad (see [7]), which is easier to justify computationally.

Definition 1.2 A Kleisli triple over $\mathcal{C}$ is a triple $(T, \eta, \_^*)$, where $T: \mathrm{Obj}(\mathcal{C}) \to \mathrm{Obj}(\mathcal{C})$, $\eta_A: A \to TA$, $f^*: TA \to TB$ for $f: A \to TB$ and the following equations hold:

• $\eta_A^* = \mathrm{id}_{TA}$

• $\eta_A; f^* = f$

• $f^*; g^* = (f; g^*)^*$

Every Kleisli triple $(T, \eta, \_^*)$ corresponds to a monad $(T, \eta, \mu)$ where $T(f: A \to B) = (f; \eta_B)^*$ and $\mu_A = \mathrm{id}_{TA}^*$.

Intuitively $\eta_A$ is the inclusion of values into computations and $f^*$ is the extension of a function $f$ from values to computations to a function from computations to computations, which first evaluates a computation and then applies $f$ to the resulting value. The equations for Kleisli triples say that programs form a category, the Kleisli category $\mathcal{C}_T$, where the set $\mathcal{C}_T(A,B)$ of morphisms from $A$ to $B$ is $\mathcal{C}(A,TB)$, the identity over $A$ is $\eta_A$ and composition of $f$ followed by $g$ is $f; g^*$. Although the mono requirement is very natural there are cases in which it seems appropriate to drop it, for instance: it may not be satisfied by the monad of continuations.

Before going into more details we consider some examples of monads over the category of sets.

Example 1.3 Non-deterministic computations:

• $T(\_)$ is the covariant powerset functor, i.e. $T(A) = \mathcal{P}(A)$ and $T(f)(X)$ is the image of $X$ along $f$

• $\eta_A(a)$ is the singleton $\{a\}$

• $\mu_A(X)$ is the big union $\bigcup X$

Computations with side-effects:

• $T(\_)$ is the functor $(\_ \times S)^S$, where $S$ is a nonempty set of stores. Intuitively a computation takes a store and returns a value together with the modified store.

• $\eta_A(a)$ is $(\lambda s: S.(a, s))$

• $\mu_A(f)$ is $(\lambda s: S.\mathrm{eval}(f s))$, i.e. the computation that given a store $s$, first computes the pair computation-store $(f', s') = f s$ and then returns the pair value-store $(a, s'') = f' s'$.

Continuations:

• $T(\_)$ is the functor $R^{R^{(\_)}}$, where $R$ is a nonempty set of results. Intuitively a computation takes a continuation and returns a result.

• $\eta_A(a)$ is $(\lambda k: R^A. k a)$

• $\mu_A(f)$ is $(\lambda k: R^A. f(\lambda h: R^{R^A}. h k))$

One can verify for himself that other notions of computation (e.g. partial, probabilistic or non-deterministic with side-effects) fit in the general definition of monad.
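The three Kleisli-triple equations of Definition 1.2 can be checked mechanically for the first two monads of Example 1.3 once the sets are finite. The following Python is an added example, not part of the original paper; the two-element sets `VALUES` and `STORES`, the tuple encoding of store transformers and the deliberately wrong `ext_st_bad` are assumptions made for the illustration.

```python
from itertools import product

VALUES = (0, 1)   # constructed finite set A of values
STORES = (0, 1)   # constructed finite set S of stores

# Non-deterministic computations: T(A) = P(A).
def eta_nd(a):
    return frozenset({a})

def ext_nd(f):
    return lambda xs: frozenset(b for a in xs for b in f(a))

# Side-effects: T(A) = (A x S)^S, stored as a tuple whose entry at
# index s is the pair (value, new store) returned when started in s.
def eta_st(a):
    return tuple((a, s) for s in STORES)

def ext_st(f):
    # f*(c): run c, then run f(value) in the store that c left behind
    return lambda c: tuple(f(a)[s1] for (a, s1) in c)

def ext_st_bad(f):
    # deliberately wrong: runs f(value) in the ORIGINAL store, dropping c's update
    return lambda c: tuple(f(a)[s] for s, (a, _) in enumerate(c))

def all_nd():
    return [frozenset(v for v, keep in zip(VALUES, bits) if keep)
            for bits in product((False, True), repeat=len(VALUES))]

def all_st():
    return list(product(product(VALUES, STORES), repeat=len(STORES)))

def arrows(comps):
    # every function A -> TA, given by the tuple of its outputs
    return [lambda a, t=t: t[a] for t in product(comps, repeat=len(VALUES))]

def kleisli_laws(eta, ext, comps, fs):
    """Return (law1, law2, law3) for the three equations of Definition 1.2."""
    law1 = all(ext(eta)(c) == c for c in comps)                     # eta* = id
    law2 = all(ext(f)(eta(a)) == f(a) for f in fs for a in VALUES)  # eta; f* = f
    law3 = all(ext(g)(ext(f)(c)) == ext(lambda a: ext(g)(f(a)))(c)  # f*; g* = (f; g*)*
               for f in fs for g in fs for c in comps)
    return law1, law2, law3

def monad_of(eta, ext):
    # T(f) = (f; eta)* and mu = id*, as stated after Definition 1.2
    return (lambda f: ext(lambda a: eta(f(a)))), ext(lambda c: c)

def check_all():
    nd, st = all_nd(), all_st()
    fs = arrows(st)[::5]          # every fifth state arrow, to keep the run short
    return (kleisli_laws(eta_nd, ext_nd, nd, arrows(nd)),
            kleisli_laws(eta_st, ext_st, st, fs),
            kleisli_laws(eta_st, ext_st_bad, st, fs))
```

For `ext_st_bad`, which forgets the store update of the first computation, only the first equation fails; the other two still hold, so all three equations are needed to pin down the extension.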

1.1 A simple language 

We introduce a programming language (with existence and equivalence assertions), where programs denote morphisms in the Kleisli category $\mathcal{C}_T$ corresponding to a computational model $(T, \eta, \mu)$ over a category $\mathcal{C}$. The language is oversimplified (for instance terms have exactly one free variable) in order to define its interpretation in any computational model. The additional structure required to interpret λ-terms will be introduced incrementally (see Section 2), after computations have been understood and axiomatized in isolation.

The programming language is parametric in a signature (i.e. a set of base types and unary command symbols), therefore its interpretation in a computational model is parametric in an interpretation of the symbols in the signature. To stress the fact that the interpretation is in $\mathcal{C}_T$ (rather than $\mathcal{C}$), we use $\tau_1 \rightharpoonup \tau_2$ (instead of $\tau_1 \to T\tau_2$) as arities and $\_ = \_: \tau$ (instead of $\_ = \_: T\tau$) as equality of computations of type $\tau$.

• Given an interpretation $[\![A]\!]$ for any base type $A$, i.e. an object of $\mathcal{C}_T$, then the interpretation of a type $\tau ::= A \mid T\tau$ is an object $[\![\tau]\!]$ of $\mathcal{C}_T$ defined in the obvious way, $[\![T\tau]\!] = T[\![\tau]\!]$.

• Given an interpretation $[\![p]\!]$ for any unary command $p$ of arity $\tau_1 \rightharpoonup \tau_2$, i.e. a morphism from $[\![\tau_1]\!]$ to $[\![\tau_2]\!]$ in $\mathcal{C}_T$, then the interpretation of a well-formed program $x: \tau \vdash e: \tau'$ is a morphism $[\![x: \tau \vdash e: \tau']\!]$ in $\mathcal{C}_T$ from $[\![\tau]\!]$ to $[\![\tau']\!]$ defined by induction on the derivation of $x: \tau \vdash e: \tau'$ (see Table 1).



• On top of the programming language we consider 
equivalence and existence assertions (see Table 2). 

Remark 1.4 The let-constructor is very important semantically, since it corresponds to composition in the Kleisli category $\mathcal{C}_T$, while substitution corresponds to composition in $\mathcal{C}$. In the λ-calculus (let $x=e$ in $e'$) is usually treated as syntactic sugar for $(\lambda x.e')e$, and this can be done also in the $\lambda_c$-calculus. However, we think that this is not the right way to proceed, because it amounts to understanding the let-constructor, which makes sense in any computational model, in terms of constructors that make sense only in $\lambda_c$-models. On the other hand, (let $x=e$ in $e'$) cannot be reduced to the more basic substitution (i.e. $e'[x:=e]$) without collapsing $\mathcal{C}_T$ to $\mathcal{C}$.

The existence assertion $e \downarrow$ means that $e$ denotes a value and it generalizes the existence predicate used in the logic of partial terms/elements, for instance:

• a partial computation exists iff it terminates; 

• a non-deterministic computation exists iff it gives 
exactly one result; 

• a computation with side-effects exists iff it does 
not change the store. 

2 Extending the language 

In this section we describe the additional structure required to interpret λ-terms in a computational model. It is well-known that λ-terms can be interpreted in a cartesian closed category (ccc), so one expects that a monad over a ccc would suffice, however, there are two problems:

• the interpretation of (let $x=e$ in $e'$), when $e'$ has other free variables beside $x$, and

• the interpretation of functional types. 

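Example 2.1 To show why the interpretation of the let-constructor is problematic, we try to interpret $x_1: \tau_1 \vdash (\mathrm{let}\ x_2=e_2\ \mathrm{in}\ e): \tau$, when both $x_1$ and $x_2$ are free in $e$. Suppose that $g_2: \tau_1 \to T\tau_2$ and $g: \tau_1 \times \tau_2 \to T\tau$ are the interpretations of $x_1: \tau_1 \vdash e_2: \tau_2$ and $x_1: \tau_1, x_2: \tau_2 \vdash e: \tau$ respectively. If $T$ were $\mathrm{Id}_{\mathcal{C}}$, then $[\![x_1: \tau_1 \vdash (\mathrm{let}\ x_2=e_2\ \mathrm{in}\ e): \tau]\!]$ would be $\langle \mathrm{id}_{\tau_1}, g_2\rangle; g$. In the general case, Table 1 says that $\_;\_$ above is indeed composition in the Kleisli category, therefore $\langle \mathrm{id}_{\tau_1}, g_2\rangle; g$ becomes $\langle \mathrm{id}_{\tau_1}, g_2\rangle; g^*$. But in $\langle \mathrm{id}_{\tau_1}, g_2\rangle; g^*$ there is a type mismatch, since the codomain of $\langle \mathrm{id}_{\tau_1}, g_2\rangle$ is $\tau_1 \times T\tau_2$, while the domain of $Tg$ is $T(\tau_1 \times \tau_2)$.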



The problem is that the monad and cartesian products alone do not give us the ability to transform a pair value-computation (or computation-computation) into a computation of a pair. What is needed is a morphism $t_{A,B}$ from $A \times TB$ to $T(A \times B)$, so that $x_1: \tau_1 \vdash (\mathrm{let}\ x_2=e_2\ \mathrm{in}\ e): \tau$ will be interpreted by

$\langle \mathrm{id}_{\tau_1}, g_2\rangle; t_{\tau_1,\tau_2}; g^*$.

Similarly for interpreting $x: \tau \vdash p(e_1, e_2): \tau'$, we need a morphism $\psi_{A,B}: TA \times TB \to T(A \times B)$, which given a pair of computations returns a computation computing a pair, so that, when $g_i: \tau \to T\tau_i$ is the interpretation of $x: \tau \vdash e_i: \tau_i$, then $[\![x: \tau \vdash p(e_1, e_2): \tau']\!]$ is $\langle g_1, g_2\rangle; \psi_{\tau_1,\tau_2}; [\![p]\!]^*$.

Definition 2.2 A strong monad over a category $\mathcal{C}$ with finite products is a monad $(T, \eta, \mu)$ together with a natural transformation $t_{A,B}$ from $A \times TB$ to $T(A \times B)$ s.t.

$t_{1,A}; T(r_A) = r_{TA}$

$t_{A \times B,C}; T(\alpha_{A,B,C}) = \alpha_{A,B,TC}; (\mathrm{id}_A \times t_{B,C}); t_{A,B \times C}$

$(\mathrm{id}_A \times \eta_B); t_{A,B} = \eta_{A \times B}$

$(\mathrm{id}_A \times \mu_B); t_{A,B} = t_{A,TB}; T(t_{A,B}); \mu_{A \times B}$

where $r$ and $\alpha$ are the natural isomorphisms

• $r_A: 1 \times A \to A$

• $\alpha_{A,B,C}: (A \times B) \times C \to A \times (B \times C)$

Remark 2.3 The natural transformation $t$ with the above properties is not the result of some ad hoc considerations, instead it can be obtained via the following general principle:

    when interpreting a complex language the 2-category Cat of small categories, functors and natural transformations may not be adequate and one may have to use a different 2-category which captures better some fundamental structures underlying the language.

Since monads and adjunctions are 2-category concepts, the most natural way to model computations (and datatypes) for more complex languages is simply by monads (and adjunctions) in a suitable 2-category. Following this general principle we can give two explanations for $t$, one based on enriched categories (see [4]) and the other on indexed categories (see [3]).

The first explanation takes as fundamental a commutative monoidal structure on $\mathcal{C}$, which models the tensor product of linear logic (see [6, 14]). If $\mathcal{C}$ is a monoidal closed category, in particular a ccc, then it can be enriched over itself by taking $\mathcal{C}(A, B)$ to be the object $B^A$. The equations for $t$ are taken from [5], where a one-one correspondence is established between functorial and tensorial strengths³.

• the first two equations say that $t$ is a tensorial strength of $T$, so that $T$ is a $\mathcal{C}$-enriched functor.

• the last two equations say that $\eta$ and $\mu$ are natural transformations between $\mathcal{C}$-enriched functors, namely $\eta: \mathrm{Id}_{\mathcal{C}} \to T$ and $\mu: T^2 \to T$.

So a strong monad is just a monad over $\mathcal{C}$ enriched over itself in the 2-category of $\mathcal{C}$-enriched categories.

The second explanation was suggested to us by G. Plotkin, and takes as fundamental structure a class $\mathcal{D}$ of display maps over $\mathcal{C}$, which models dependent types (see [2]), and induces a $\mathcal{C}$-indexed category $\mathcal{C}/\mathcal{D}$. Then a strong monad over a category $\mathcal{C}$ with finite products amounts to a monad over $\mathcal{C}/\mathcal{D}$ in the 2-category of $\mathcal{C}$-indexed categories, where $\mathcal{D}$ is the class of first projections (corresponding to constant type dependency).

In general the natural transformation $t$ has to be given as an extra parameter for models. However, $t$ is uniquely determined (but it may not exist) by $T$ and the cartesian structure on $\mathcal{C}$, when $\mathcal{C}$ has enough points.

Proposition 2.4 If $(T, \eta, \mu)$ is a monad over a category $\mathcal{C}$ with finite products and enough points (i.e. for any $f, g: A \to B$ if $h; f = h; g$ for every point $h: 1 \to A$, then $f = g$), and $t_{A,B}$ is a family of morphisms s.t. for all points $a: 1 \to A$ and $b: 1 \to TB$

$\langle a, b\rangle; t_{A,B} = b; T(\langle !_B; a, \mathrm{id}_B\rangle)$

where $!_B$ is the unique morphism from $B$ to the terminal object 1, then $(T, \eta, \mu, t)$ is a strong monad over $\mathcal{C}$.

³ A functorial strength for an endofunctor $T$ is a natural transformation $st_{A,B}: B^A \to (TB)^{TA}$ which internalizes the action of $T$ on morphisms.

Remark 2.5 The tensorial strength $t$ induces a natural transformation $\psi_{A,B}$ from $TA \times TB$ to $T(A \times B)$, namely

$\psi_{A,B} = c_{TA,TB}; t_{TB,A}; (c_{TB,A}; t_{A,B})^*$

where $c$ is the natural isomorphism

• $c_{A,B}: A \times B \to B \times A$

The morphism $\psi_{A,B}$ has the correct domain and codomain to interpret the pairing of a computation of type $A$ with one of type $B$ (obtained by first evaluating the first argument and then the second). There is also a dual notion of pairing, $\tilde{\psi}_{A,B} = c_{A,B}; \psi_{B,A}; T c_{B,A}$ (see [5]), which amounts to first evaluating the second argument and then the first.
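The strength needed in Example 2.1 and the two pairings of Remark 2.5 can be computed directly in the category of sets, where Proposition 2.4 fixes $t$. The following Python is an added example, not part of the original paper; the function encoding of store transformers, the integer store and the sample computation `fresh` are assumptions made for the illustration.

```python
# Side-effects with an integer store: a computation is a function store -> (value, store).
eta_st = lambda a: lambda s: (a, s)
def ext_st(f):
    return lambda c: lambda s: (lambda r: f(r[0])(r[1]))(c(s))

# Non-determinism: a computation is a frozenset of values.
eta_nd = lambda a: frozenset({a})
ext_nd = lambda f: lambda xs: frozenset(b for a in xs for b in f(a))

def strength(eta, ext):
    # t_{A,B}: A x TB -> T(A x B); in Set it is forced by Proposition 2.4:
    # t(a, c) = T(b |-> (a, b))(c), where T(f) = (f; eta)*
    return lambda a, c: ext(lambda b: eta((a, b)))(c)

def interpret_let(eta, ext, g2, g):
    # [[x1 |- let x2 = e2 in e]] = <id, g2>; t; g*   (Example 2.1)
    t = strength(eta, ext)
    return lambda x1: ext(g)(t(x1, g2(x1)))

def pairings(eta, ext):
    t = strength(eta, ext)
    def psi(ca, cb):
        # c_{TA,TB}; t_{TB,A}; (c_{TB,A}; t_{A,B})*  -- first argument evaluated first
        return ext(lambda p: t(p[1], p[0]))(t(cb, ca))
    def psi_dual(ca, cb):
        # c; psi_{B,A}; T(c_{B,A})  -- second argument evaluated first
        return ext(lambda p: eta((p[1], p[0])))(psi(cb, ca))
    return psi, psi_dual

# Constructed sample computation: return the current counter and increment it.
fresh = lambda s: (s, s + 1)

def demo():
    psi, psi_dual = pairings(eta_st, ext_st)
    nd_psi, nd_dual = pairings(eta_nd, ext_nd)
    xs, ys = frozenset({1, 2}), frozenset({'a', 'b'})
    # let x2 = fresh in x1 + x2, with x1 free in the body
    let = interpret_let(eta_st, ext_st, lambda x1: fresh, lambda p: eta_st(p[0] + p[1]))
    return {
        'let': let(10)(5),                        # x1 = 10, initial store 5
        'psi': psi(fresh, fresh)(0),
        'psi_dual': psi_dual(fresh, fresh)(0),
        'nd_agree': nd_psi(xs, ys) == nd_dual(xs, ys),
    }
```

With side-effects the two pairings return different pairs from the same initial store, while for non-determinism they coincide on the sample sets.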

The reason why a functional type $A \to B$ in a programming language (like ML) cannot be interpreted by the exponential $B^A$ (as done in a ccc) is fairly obvious; in fact the application of a functional procedure to an argument requires some computation to be performed before producing a result. By analogy with partial cartesian closed categories (see [8, 11]), we will interpret functional types by exponentials of the form $(TB)^A$.

Definition 2.6 A $\lambda_c$-model over a category $\mathcal{C}$ with finite products is a strong monad $(T, \eta, \mu, t)$ together with a $T$-exponential for every pair $\langle A, B\rangle$ of objects in $\mathcal{C}$, i.e. a pair

$\langle (TB)^A, \mathrm{eval}_{A,TB}: ((TB)^A \times A) \to TB\rangle$

satisfying the universal property that for any object $C$ and $f: (C \times A) \to TB$ there exists a unique $h: C \to (TB)^A$, denoted by $\Lambda_{A,TB,C}(f)$, s.t.

$f = (\Lambda_{A,TB,C}(f) \times \mathrm{id}_A); \mathrm{eval}_{A,TB}$

Like p-exponentials, a $T$-exponential $(TB)^A$ can be equivalently defined by giving a natural isomorphism $\mathcal{C}_T(C \times A, B) \cong \mathcal{C}(C, (TB)^A)$, where $C$ varies over $\mathcal{C}$.

The programming language introduced in Section 1.1 and its interpretation can be extended according to the additional structure available in a $\lambda_c$-model as follows:

• there is a new type 1, interpreted by the terminal object of $\mathcal{C}$, and two new type constructors $\tau_1 \times \tau_2$ and $\tau_1 \rightharpoonup \tau_2$ interpreted by the product $[\![\tau_1]\!] \times [\![\tau_2]\!]$ and the $T$-exponent $(T[\![\tau_2]\!])^{[\![\tau_1]\!]}$ respectively

• the interpretation of a well-formed program $\Gamma \vdash e: \tau$, where $\Gamma$ is a sequence $x_1: \tau_1, \ldots, x_n: \tau_n$, is a morphism in $\mathcal{C}_T$ from $[\![\Gamma]\!]$ (i.e. $[\![\tau_1]\!] \times \ldots \times [\![\tau_n]\!]$) to $[\![\tau]\!]$ (see Table 3)⁴.

3 The $\lambda_c$-calculus

In this section we introduce a formal system, the $\lambda_c$-calculus, with two basic judgements: existence ($\Gamma \vdash e \downarrow \tau$) and equivalence ($\Gamma \vdash e_1 = e_2: \tau$).



⁴ In a language with products nonunary commands can be treated as unary commands from a product type.



We claim that the formal system is sound and complete w.r.t. interpretation in $\lambda_c$-models. Soundness amounts to showing that the inference rules are admissible in any $\lambda_c$-model, while completeness amounts to showing that any $\lambda_c$-theory has an initial model (given by a term-model construction). The inference rules of the $\lambda_c$-calculus are partitioned as follows:

• general rules for terms denoting computations, but with variables ranging over values (see Table 4)⁵

• the inference rules for let-constructor and types of computations (see Table 5)

• the inference rules for product and functional types (see Table 6)

Remark 3.1 A comparison among $\lambda_c$-, $\lambda_v$- and $\lambda_p$-calculus shows that:

• the $\lambda_v$-calculus proves less equivalences between λ-terms, e.g. $(\lambda x.x)(yz) = (yz)$ is provable in the $\lambda_c$- but not in the $\lambda_v$-calculus

• the $\lambda_p$-calculus proves more equivalences between λ-terms, e.g. $(\lambda x.yz)(yz) = (yz)$ is provable in the $\lambda_p$- but not in the $\lambda_c$-calculus, because $y$ can be a procedure, which modifies the store (e.g. by increasing the value contained in a local static variable) each time it is executed.

• a λ-term $e$ has a value in the $\lambda_c$-calculus, i.e. $e$ is provably equivalent to some value (either a variable or a λ-abstraction), iff $e$ has a value in the $\lambda_v$-calculus/$\lambda_p$-calculus. So all three calculi are correct w.r.t. call-by-value operational equivalence.
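The two equations of Remark 3.1 can be tested semantically by interpreting both sides in a side-effects model and in a partiality model. The following Python is an added example, not part of the original paper; the tuple encoding of terms, the interpreter `interp` (which evaluates the function before the argument, as the pairing $\psi$ does), the store-incrementing procedure `bump` and the partial procedure `pos` are assumptions made for the illustration.

```python
# Untyped call-by-value terms as nested tuples (constructed encoding).
def var(x): return ('var', x)
def lam(x, body): return ('lam', x, body)
def app(fun, arg): return ('app', fun, arg)

def interp(term, env, eta, ext):
    """Denotation of `term` as a computation, parametric in a Kleisli triple (eta, ext)."""
    if term[0] == 'var':
        return eta(env[term[1]])                 # variables range over values
    if term[0] == 'lam':
        _, x, body = term                        # a lambda-abstraction is a value
        return eta(lambda v: interp(body, {**env, x: v}, eta, ext))
    _, fun, arg = term                           # app: function first, then argument
    return ext(lambda f: ext(f)(interp(arg, env, eta, ext)))(
        interp(fun, env, eta, ext))

# Side-effects: a computation is a function store -> (value, store).
eta_st = lambda a: lambda s: (a, s)
def ext_st(f):
    return lambda c: lambda s: (lambda r: f(r[0])(r[1]))(c(s))

# Partiality: a computation is ('val', a) or BOTTOM (the lifting A + {bottom}).
BOTTOM = ('bottom',)
eta_pt = lambda a: ('val', a)
ext_pt = lambda f: lambda c: c if c == BOTTOM else f(c[1])

YZ = app(var('y'), var('z'))
T_ID = app(lam('x', var('x')), YZ)    # (\x.x)(yz)
T_DUP = app(lam('x', YZ), YZ)         # (\x.yz)(yz)

def run_state(term, z=7, store=0):
    # y returns its argument and increments the store each time it is executed
    bump = lambda v: lambda s: (v, s + 1)
    return interp(term, {'y': bump, 'z': z}, eta_st, ext_st)(store)

def run_partial(term, z):
    # y is defined only on positive values
    pos = lambda v: eta_pt(v) if v > 0 else BOTTOM
    return interp(term, {'y': pos, 'z': z}, eta_pt, ext_pt)
```

In the side-effects model `T_ID` and `YZ` leave the same value and store, while `T_DUP` runs `y` twice and leaves a different store; in the partiality model `T_DUP` and `YZ` agree on both sample inputs.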

Conclusions and further research 

The main contribution of this paper is the category-theoretic semantics of computations and the general principle for extending it to more complex languages (see Remark 2.3), while the $\lambda_c$-calculus is a straightforward fallout, which is easier to understand and relate to other calculi.

This semantics of computations corroborates the view that (constructive) proofs and programs are rather unrelated, although both of them can be understood in terms of functions. For instance, various logical modalities (like possibility and necessity in modal logic or why not and of course of linear logic) are modelled by monads or comonads which cannot have a tensorial strength. In general, one should expect types suggested by logic to provide a more fine-grained type system without changing the nature of computations.

⁵ The general rules of sequent calculus, more precisely those for substitution and quantifiers, have to be modified slightly, because variables range over values and types can be empty. These modifications are similar to those introduced in the logic of partial terms (see Section 2.4 in [9]).

Our work is just an example of what can be achieved in the study of programming languages by using a category-theoretic methodology, which frees us from the irrelevant detail of syntax and focuses our mind on the important structures underlying programming languages. We believe that there is a great potential to be exploited here. The $\lambda_c$-calculus also opens the possibility to develop a new Logic of Computable Functions (see [12]), based on an abstract semantics of computations rather than domain theory, for studying axiomatically different notions of computation and their relations.
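| RULE | SYNTAX | SEMANTICS |
|---|---|---|
| var | $x: \tau \vdash x: \tau$ | |
| let | $x: \tau \vdash e_1: \tau_1$ | $= g_1$ |
| | $x_1: \tau_1 \vdash e_2: \tau_2$ | $= g_2$ |
| | $x: \tau \vdash (\mathrm{let}\ x_1=e_1\ \mathrm{in}\ e_2): \tau_2$ | $= g_1; g_2^*$ |
| $p: \tau_1 \rightharpoonup \tau_2$ | $x: \tau \vdash e_1: \tau_1$ | $= g_1$ |
| | $x: \tau \vdash p(e_1): \tau_2$ | $= g_1; p^*$ |
| $[\_]$ | $x: \tau \vdash e: \tau'$ | |
| | $x: \tau \vdash [e]: T\tau'$ | |
| $\mu$ | $x: \tau \vdash e: T\tau'$ | $= g$ |
| | $x: \tau \vdash \mu(e): \tau'$ | |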

Table 1: Programs and their interpretation 



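| RULE | SYNTAX | SEMANTICS |
|---|---|---|
| eq | $x: \tau_1 \vdash e_1: \tau_2$ | $= g_1$ |
| | $x: \tau_1 \vdash e_2: \tau_2$ | $= g_2$ |
| | $x: \tau_1 \vdash e_1 = e_2: \tau_2$ | $g_1 = g_2$ |
| ex | $x: \tau_1 \vdash e: \tau_2$ | $= g$ |
| | | $g$ factors through $\eta_{[\![\tau_2]\!]}$, i.e. there exists (unique) $h$ s.t. $g = h; \eta_{[\![\tau_2]\!]}$ |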

Table 2: Atomic assertions and their interpretation 



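| RULE | SYNTAX | SEMANTICS |
|---|---|---|
| var | | |
| let | $\Gamma \vdash e_1: \tau_1$ | $= g_1$ |
| | $\Gamma, x_1: \tau_1 \vdash e_2: \tau_2$ | $= g_2$ |
| | $\Gamma \vdash (\mathrm{let}\ x_1=e_1\ \mathrm{in}\ e_2): \tau_2$ | |
| $*$ | $\Gamma \vdash *: 1$ | |
| $\langle\rangle$ | $\Gamma \vdash e_1: \tau_1$ | $= g_1$ |
| | $\Gamma \vdash e_2: \tau_2$ | $= g_2$ |
| | $\Gamma \vdash \langle e_1, e_2\rangle: \tau_1 \times \tau_2$ | $= \langle g_1, g_2\rangle; \psi_{[\![\tau_1]\!],[\![\tau_2]\!]}$ |
| $\pi_i$ | $\Gamma \vdash e: \tau_1 \times \tau_2$ | |
| $\lambda$ | $\Gamma, x_1: \tau_1 \vdash e_2: \tau_2$ | $= g$ |
| | $\Gamma \vdash (\lambda x_1: \tau_1.e_2): \tau_1 \rightharpoonup \tau_2$ | $= \Lambda_{[\![\tau_1]\!],T[\![\tau_2]\!],[\![\Gamma]\!]}(g); \eta_{[\![\tau_1 \rightharpoonup \tau_2]\!]}$ |
| app | $\Gamma \vdash e_1: \tau_1$ | $= g_1$ |
| | $\Gamma \vdash e: \tau_1 \rightharpoonup \tau_2$ | $= g$ |
| | $\Gamma \vdash e(e_1): \tau_2$ | $= \langle g, g_1\rangle; \psi_{(T[\![\tau_2]\!])^{[\![\tau_1]\!]},[\![\tau_1]\!]}; (\mathrm{eval}_{[\![\tau_1]\!],T[\![\tau_2]\!]})^*$ |

Table 3: Interpretation in a $\lambda_c$-model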



We write $\_[x:=e]$ for the substitution of $x$ with $e$ in

E.x  $\Gamma \vdash x \downarrow \tau$

subst tt - ; — it i 

T h = e] 

$=$ is a congruence relation



Table 4: General rules 



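We write (let $\overline{x}=\overline{e}$ in $e$) for (let $x_1=e_1$ in (... (let $x_n=e_n$ in $e$) ...)), where $n$ is the length of the sequence $\overline{x}$ (and $\overline{e}$). In particular, (let $\emptyset=\emptyset$ in $e$) stands for $e$.

unit  $\Gamma \vdash (\mathrm{let}\ x=e\ \mathrm{in}\ x) = e: \tau$

ass  $\Gamma \vdash (\mathrm{let}\ x_2=(\mathrm{let}\ x_1=e_1\ \mathrm{in}\ e_2)\ \mathrm{in}\ e) = (\mathrm{let}\ x_1=e_1\ \mathrm{in}\ (\mathrm{let}\ x_2=e_2\ \mathrm{in}\ e)): \tau$   $x_1 \notin \mathrm{FV}(e)$

let.β  $\Gamma \vdash (\mathrm{let}\ x_1=x_2\ \mathrm{in}\ e) = e[x_1:=x_2]: \tau$

let.p  $\Gamma \vdash p(e) = (\mathrm{let}\ x=e\ \mathrm{in}\ p(x)): \tau$

E.[_]  $\Gamma \vdash [e] \downarrow T\tau$

T.β  $\Gamma \vdash \mu([e]) = e: \tau$

T.η  $\Gamma \vdash [\mu(x)] = x: T\tau$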

Table 5: rules for let and computational types 



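E.*  $\Gamma \vdash * \downarrow 1$

1.η  $\Gamma \vdash * = x: 1$

E.⟨_⟩  $\Gamma \vdash \langle x_1, x_2\rangle \downarrow \tau_1 \times \tau_2$

let.⟨_⟩  $\Gamma \vdash \langle e_1, e_2\rangle = (\mathrm{let}\ x_1, x_2=e_1, e_2\ \mathrm{in}\ \langle x_1, x_2\rangle): \tau_1 \times \tau_2$

E.π_i  $\Gamma \vdash \pi_i(x) \downarrow \tau_i$

×.β  $\Gamma \vdash \pi_i(\langle x_1, x_2\rangle) = x_i: \tau_i$

×.η  $\Gamma \vdash \langle \pi_1(x), \pi_2(x)\rangle = x: \tau_1 \times \tau_2$

E.λ  $\Gamma \vdash (\lambda x: \tau_1.e) \downarrow \tau_1 \rightharpoonup \tau_2$

β  $\Gamma \vdash (\lambda x_1: \tau_1.e_2)(x_1) = e_2: \tau_2$

η  $\Gamma \vdash (\lambda x_1: \tau_1.x(x_1)) = x: \tau_1 \rightharpoonup \tau_2$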

Table 6: rules for product and functional types 



